General
- Target: file.exe
- Size: 247KB
- Sample: 220915-3dphlaaafm
- MD5: 95e21e08113fa1ee861e09172fc3b320
- SHA1: bc96895c1924a58c0aa41252633ab447e0fdd979
- SHA256: 0bcccf1737d0879c490a4769bf80d80b33c9d0cc6fe014862f88411ae35d500d
- SHA512: ca0cb250aaf9befeb1dd2529b8b4b9a72c71ae5925bd4cd9e0608994d271d87273fb81bb5977d2acaeb7a79a5149d3923d9f0875c4d57374d721a08b8cf9ba7f
- SSDEEP: 6144:jighTBjzf+vi1OJ+Zdf3EzZv2jZGY93Mxg4S:RT/iEtoxg7
Static task
- static1
Behavioral task
- behavioral1: sample file.exe, resource win7-20220812-en
- behavioral2: sample file.exe, resource win10v2004-20220812-en
Malware Config
Extracted
- Family: redline
- Botnet: Lyla3.12.09
- C2: 185.215.113.216:21921
- auth_value: 893298c4bebea403e4a59dd151c4fcc2
Targets
- Target: file.exe
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext